-rw-r--r--apps/apps.c4
-rw-r--r--apps/apps.h4
-rw-r--r--apps/s_client.c8
-rw-r--r--apps/s_server.c6
-rw-r--r--ssl/ssl.h7
-rw-r--r--ssl/ssl3.h2
-rw-r--r--ssl/ssl_lib.c2
-rw-r--r--ssl/ssltest.c12
-rw-r--r--ssl/t1_lib.c2
-rwxr-xr-xutil/ssleay.num2
10 files changed, 26 insertions, 23 deletions
diff --git a/apps/apps.c b/apps/apps.c
index e35f3c458c..c5a3bb27e4 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2909,7 +2909,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
#endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
/* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
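Review bot: The comment above `next_protos_parse` still describes the result as "suitable for passing to SSL_CTX_set_next_protos_advertised", which names only the NPN consumer, although the function is now compiled whenever TLSEXT is enabled, presumably so the `-alpn` option can use it without NPN. I would extend the sentence to `* in a format suitable for passing to SSL_CTX_set_next_protos_advertised or SSL_CTX_set_alpn_protos.` The same staleness applies in ssl/ssl_lib.c, where the comment on `SSL_select_next_proto` says it is expected to be called from the callback set by SSL_CTX_set_next_proto_select_cb. Now that ALPN-only builds can call it, that comment should also tell callers to check for `OPENSSL_NPN_NO_OVERLAP` instead of treating the returned protocol as agreed. Both comments continue outside their hunks.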
@@ -2951,7 +2951,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
*outlen = len + 1;
return out;
}
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const unsigned char *checkhost,
diff --git a/apps/apps.h b/apps/apps.h
index 0ed516232d..5f083d4097 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -337,9 +337,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
#endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const unsigned char *checkhost,
diff --git a/apps/s_client.c b/apps/s_client.c
index 36edaef01e..1e3bc391b5 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -398,8 +398,8 @@ static void sc_usage(void)
BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
- BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
# endif
+ BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
#endif
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
@@ -670,8 +670,8 @@ int MAIN(int argc, char **argv)
{NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
- const char *alpn_in = NULL;
# endif
+ const char *alpn_in = NULL;
# define MAX_SI_TYPES 100
unsigned short serverinfo_types[MAX_SI_TYPES];
int serverinfo_types_count = 0;
@@ -1035,12 +1035,12 @@ static char *jpake_secret = NULL;
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
+# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
-# endif
else if (strcmp(*argv,"-serverinfo") == 0)
{
char *c;
@@ -2351,6 +2351,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
}
+# endif
{
const unsigned char *proto;
unsigned int proto_len;
@@ -2364,7 +2365,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
else
BIO_printf(bio, "No ALPN negotiated\n");
}
-# endif
#endif
{
diff --git a/apps/s_server.c b/apps/s_server.c
index c4fe72dba0..1bac3b438f 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1066,9 +1066,9 @@ int MAIN(int argc, char *argv[])
# ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
tlsextnextprotoctx next_proto = { NULL, 0};
+# endif
const char *alpn_in = NULL;
tlsextalpnctx alpn_ctx = { NULL, 0};
-# endif
#endif
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
@@ -1525,12 +1525,12 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
next_proto_neg_in = *(++argv);
}
+# endif
else if (strcmp(*argv,"-alpn") == 0)
{
if (--argc < 1) goto bad;
alpn_in = *(++argv);
}
-# endif
#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
else if (strcmp(*argv,"-jpake") == 0)
@@ -2159,8 +2159,10 @@ end:
EVP_PKEY_free(s_key2);
if (serverinfo_in != NULL)
BIO_free(serverinfo_in);
+# ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
OPENSSL_free(next_proto.data);
+# endif
if (alpn_ctx.data)
OPENSSL_free(alpn_ctx.data);
#endif
diff --git a/ssl/ssl.h b/ssl/ssl.h
index be33b66106..4e405943b1 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1274,19 +1274,18 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
const unsigned char *in,
unsigned int inlen, void *arg),
void *arg);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+ unsigned *len);
+#endif
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
- unsigned *len);
#define OPENSSL_NPN_UNSUPPORTED 0
#define OPENSSL_NPN_NEGOTIATED 1
#define OPENSSL_NPN_NO_OVERLAP 2
-#endif
-
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
unsigned protos_len);
int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
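Review bot: After the relocated `#endif`, the `SSL_select_next_proto` prototype and the `OPENSSL_NPN_*` result codes are no longer under the NEXTPROTONEG guard, and nothing in this hunk shows an enclosing `#ifndef OPENSSL_NO_TLSEXT`. util/ssleay.num now tags the symbol `FUNCTION:TLSEXT`, and the `# ifndef` indentation in ssl/ssl_lib.c suggests the definition sits inside a TLSEXT block. If the header really is unguarded here, a build with OPENSSL_NO_TLSEXT would declare a function that is never defined, and the mismatch would surface only at link time. Wrapping the prototype in `#ifndef OPENSSL_NO_TLSEXT` ... `#endif` would keep the header, the definition and the export list consistent. The guard structure above and below the hunk is not visible, so this needs checking against the full file.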
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index f49e1c8c76..5c5a5e8f4a 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -639,11 +639,11 @@ typedef struct ssl3_state_st
#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
+#endif
#ifndef OPENSSL_NO_TLSEXT
#define SSL3_ST_CW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_CONNECT)
#define SSL3_ST_CW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_CONNECT)
#endif
-#endif
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 54f02a67c4..7eb1a0cafc 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1596,7 +1596,6 @@ int SSL_get_servername_type(const SSL *s)
return -1;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_select_next_proto implements the standard protocol selection. It is
* expected that this function is called from the callback set by
* SSL_CTX_set_next_proto_select_cb.
@@ -1663,6 +1662,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi
return status;
}
+# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
* requested protocol for this connection and returns 0. If the client didn't
* request any protocol, then *data is set to NULL.
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 3c232115f2..5e2fed8e72 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -295,7 +295,7 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
static BIO *bio_err=NULL;
static BIO *bio_stdout=NULL;
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* Note that this code assumes that this is only a one element list: */
static const char NEXT_PROTO_STRING[] = "\x09testproto";
int npn_client = 0;
@@ -914,7 +914,7 @@ static void sv_usage(void)
" (default is sect163r2).\n");
#endif
fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr," -npn_client - have client side offer NPN\n");
fprintf(stderr," -npn_server - have server side offer NPN\n");
fprintf(stderr," -npn_server_reject - have server reject NPN\n");
@@ -1325,7 +1325,7 @@ int main(int argc, char *argv[])
{
test_cipherlist = 1;
}
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv,"-npn_client") == 0)
{
npn_client = 1;
@@ -1680,7 +1680,7 @@ bad:
}
#endif
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (npn_client)
{
SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
@@ -2245,7 +2245,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
if (verbose)
print_details(c_ssl, "DONE via BIO pair: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
@@ -2564,7 +2564,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
if (verbose)
print_details(c_ssl, "DONE: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d7f5f90712..8b7cce65f3 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2436,8 +2436,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
{
if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
return 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* ALPN takes precedence over NPN. */
s->s3->next_proto_neg_seen = 0;
+#endif
}
/* session ticket processed earlier */
diff --git a/util/ssleay.num b/util/ssleay.num
index 13918d37f9..243484eddb 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -315,7 +315,7 @@ SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG
SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG
SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:
SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:
-SSL_select_next_proto 359 EXIST::FUNCTION:NEXTPROTONEG
+SSL_select_next_proto 359 EXIST::FUNCTION:TLSEXT
SSL_get_srtp_profiles 360 EXIST::FUNCTION:
SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG
SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG